 From:  "Adam Armstrong" <lists at memetic dot org>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Cc:  "'Marcel Wiget'" <mwiget at mac dot com>
 Subject:  RE: [m0n0wall-dev] Voucher support in captive portal
 Date:  Mon, 26 Mar 2007 10:21:49 +0100
Oh, this is great!

Could it be added to 1.23 too?

Thanks,
Adam.

> -----Original Message-----
> From: Marcel Wiget [mailto:mwiget at mac dot com]
> Sent: 26 March 2007 10:15
> To: m0n0wall dash dev at lists dot m0n0 dot ch
> Subject: [m0n0wall-dev] Voucher support in captive portal
> 
> time to contribute back to the excellent m0n0wall and its community ...
> 
> Some time ago we were looking for a simple hotspot solution and found
> m0n0wall. We didn't want to use a centralized RADIUS server but rather
> have m0n0wall (WRAP platform) do the authentication based on vouchers
> that are printed beforehand and handed out to customers.
> 
> So I added voucher handling support to m0n0wall. Test images for generic pc
> and WRAP, based on the latest beta, 1.3b2, can be found at the following URL:
> 
> http://homepage.mac.com/mwiget/FileSharing17.html
> 
> Patch has also been committed to the freebsd6 beta branch.
> 
> Quick Howto:
> 
> To enable, create and manage voucher support via captive portal, there is
> a new Tab under Services->Captive Portal: Voucher.
> 
> Enable captive portal first, upload a landing page that contains an
> input field 'auth_voucher'. An example can be found on the URL above.
> Then enable Voucher support on the Voucher tab. Initially you can leave all
> fields with their defaults. Every new install will create unique encryption
> keys.
> Now add at least one "Roll" by clicking '+' on the Vouchers page, to the
> right of 'Voucher rolls': Specify a Roll Number, e.g. 0, how many vouchers
> that roll shall contain, and how long each voucher allows network access.
> Then generate the new vouchers by clicking on the paper logo to the right of
> the newly added roll. This will generate a CSV file and download via your
> browser.
> 
> Each of these generated vouchers can now be used by users for the configured
> amount of minutes for that roll. Note that as soon as a voucher has been
> activated, its timer will run down to zero and then block access, no matter
> if the session is idle or got disconnected due to logout or session
> termination.
> 
> To test the vouchers in the m0n0wall GUI, click on Status->Captive Portal.
> New tabs, dedicated to voucher handling, show up when voucher support is
> enabled.
> Click on Status->Captive Portal->Test Vouchers and enter one or more of the
> newly generated vouchers from the downloaded CSV file and click submit.
> A message will be shown with the validation and duration of each given
> voucher.
> 
> One can add multiple rolls, e.g. to have vouchers with different time credit.
> It is also possible to enter multiple vouchers, separated by space, to gain
> the sum of time credit of all entered vouchers.
> 
> There is more to it, read the comments to each config parameter on the
> voucher page.
> 
> Note on the very short public/private RSA keys: I know, those can be cracked
> easily and in no time, if one of the keys is known. The idea here was to make
> it a little bit harder than simply adding a shared password into the m0n0wall
> config file. Unfortunately I'm no expert on encryption but I assume with such
> short encrypted vouchers, there is no security difference between the used
> RSA keys and a symmetric encryption. Anyhow, all that encryption/decryption
> stuff is done in a newly added binary C program voucher.c, that is compiled
> and added into the m0n0wall image, and can be modified to increase the
> usability and security.
> 
> I'm sure there are bugs and issues with this new code, and I'll try my best
> to work them out. Any feedback is welcome.
> 
> Best regards,
> 
> Marcel
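
Added example, not part of the original messages and not m0n0wall's voucher.c or its voucher format: a Python sketch of the symmetric alternative raised in the note on key length, where each printed voucher carries a roll number, a ticket number and a truncated HMAC-SHA256 tag, together with the summing of space-separated vouchers and the run-down timer described in the howto. The key, roll table, field widths and function names are assumptions made for illustration.

```python
import base64, hashlib, hmac, struct

KEY = b"constructed-demo-key"  # constructed; a real key would be random per install
ROLLS = {0: {"count": 100, "minutes": 60},     # constructed roll table:
         1: {"count": 50, "minutes": 1440}}    # roll number -> size and time credit
TAG_LEN = 6  # bytes of HMAC-SHA256 kept on the voucher (48 bits against guessing)

def make_voucher(roll, ticket, key=KEY):
    """Encode roll and ticket plus a truncated MAC as 16 base32 characters."""
    body = struct.pack(">HH", roll, ticket)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return base64.b32encode(body + tag).decode().lower()

def check_voucher(text, key=KEY):
    """Return (roll, ticket, minutes) for a valid voucher, else None."""
    try:
        raw = base64.b32decode(text.strip().upper())
    except ValueError:  # bad alphabet, bad padding or non-ASCII input
        return None
    if len(raw) != 4 + TAG_LEN:
        return None
    body, tag = raw[:4], raw[4:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    roll, ticket = struct.unpack(">HH", body)
    cfg = ROLLS.get(roll)
    if cfg is None or ticket >= cfg["count"]:   # unknown roll or ticket outside it
        return None
    return roll, ticket, cfg["minutes"]

def time_credit(field):
    """Sum minutes for a space-separated auth_voucher field, each voucher once."""
    seen, total = set(), 0
    for item in field.split():
        hit = check_voucher(item)
        if hit and hit[:2] not in seen:  # ignore invalid and repeated vouchers
            seen.add(hit[:2])
            total += hit[2]
    return total

def seconds_left(minutes, activated_at, now):
    """The timer runs from first activation, whether or not the session stays up."""
    return max(0, minutes * 60 - int(now - activated_at))
```

With a 48-bit tag the gateway still has to rate-limit failed attempts, and it must record each voucher's first activation time for the run-down timer to hold across logouts.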